Executive Summary

Information
Name: CVE-2024-56665
First vendor Publication: 2024-12-27
Vendor: Cve
Last vendor Modification: 2025-01-06

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score: 5.5
Base Score: 5.5
Environmental Score: 5.5
Impact Sub Score: 3.6
Temporal Score: 5.5
Exploitability Sub Score: 1.8

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score: N/A
Attack Range: N/A
Cvss Impact Score: N/A
Attack Complexity: N/A
Cvss Exploit Score: N/A
Authentication: N/A

Detail

In the Linux kernel, the following vulnerability has been resolved:

bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog

Syzbot reported [1] a crash that happens for the following tracing scenario:

- create tracepoint perf event with attr.inherit=1, attach it to the
process and set bpf program to it
- attached process forks -> child creates inherited event

the new child event shares the parent's bpf program and tp_event
(hence prog_array) which is global for tracepoint

- exit both process and its child -> release both events
- first perf_event_detach_bpf_prog call will release tp_event->prog_array
and second perf_event_detach_bpf_prog will crash, because
tp_event->prog_array is NULL

The fix makes sure the perf_event_detach_bpf_prog checks prog_array is valid before it tries to remove the bpf program from it.

[1] https://lore.kernel.org/bpf/Z1MR6dCIKajNS6nU@krava/T/#m91dbf0688221ec7a7fc95e896a7ef9ff93b0b8ad
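
The release sequence described above, as a user-space C model added here (it is not kernel source and not the patch itself). The struct layout, result codes, `check_array` flag and the assumption that the program sits in the array exactly once are constructed for illustration; the pre-fix path reports where the NULL access would occur instead of crashing.

```c
/* User-space model (constructed): names follow the description, not kernel source. */
#include <stdio.h>
#include <stdlib.h>

struct prog_array { int nr_progs; };                  /* stand-in for the tracepoint's program list */
struct tp_event   { struct prog_array *prog_array; }; /* global per tracepoint, shared by all events */
struct perf_event { struct tp_event *tp_event; int has_prog; };

enum detach_result { DETACH_OK, DETACH_NO_ARRAY, DETACH_WOULD_DEREF_NULL };

/* check_array = 0 models the pre-fix behaviour, 1 models the fix. */
static enum detach_result detach_bpf_prog(struct perf_event *ev, int check_array)
{
    struct prog_array *arr = ev->tp_event->prog_array;
    enum detach_result res = DETACH_OK;

    if (!ev->has_prog)
        return DETACH_OK;
    if (!arr) {
        /* Pre-fix code would use the array here; report it instead of crashing. */
        if (!check_array)
            return DETACH_WOULD_DEREF_NULL;
        res = DETACH_NO_ARRAY;           /* fixed: skip removal, still drop the program */
    } else if (--arr->nr_progs == 0) {
        free(arr);                       /* last entry removed: the array is released */
        ev->tp_event->prog_array = NULL;
    }
    ev->has_prog = 0;
    return res;
}

/* Parent event plus inherited child event, both released; returns the second result. */
static enum detach_result run_scenario(int check_array)
{
    struct tp_event tp = { malloc(sizeof(struct prog_array)) };
    struct perf_event parent = { &tp, 1 }, child = { &tp, 1 };

    if (!tp.prog_array)
        abort();
    tp.prog_array->nr_progs = 1;         /* assumption: program was added once, by the parent */
    detach_bpf_prog(&parent, check_array);
    return detach_bpf_prog(&child, check_array);
}

int main(void)
{
    printf("pre-fix second detach: %d\n", run_scenario(0));
    printf("fixed second detach:   %d\n", run_scenario(1));
    return 0;
}
```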

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56665

CPE : Common Platform Enumeration

Type Description Count
Application 8
Os 3703

Sources (Detail)

https://git.kernel.org/stable/c/842e5af282453983586e2eae3c8eaf252de5f22f
https://git.kernel.org/stable/c/978c4486cca5c7b9253d3ab98a88c8e769cb9bbd
https://git.kernel.org/stable/c/c2b6b47662d5f2dfce92e5ffbdcac8229f321d9d
https://git.kernel.org/stable/c/dfb15ddf3b65e0df2129f9756d1b4fa78055cdb3

Alert History

Date Information
2025-07-15 02:41:15
  • Multiple Updates
2025-07-14 12:38:32
  • Multiple Updates
2025-06-26 02:38:29
  • Multiple Updates
2025-06-25 12:36:33
  • Multiple Updates
2025-06-24 02:43:07
  • Multiple Updates
2025-05-27 02:48:32
  • Multiple Updates
2025-03-29 03:44:26
  • Multiple Updates
2025-03-28 13:47:42
  • Multiple Updates
2025-03-28 03:22:15
  • Multiple Updates
2025-03-19 03:17:04
  • Multiple Updates
2025-03-18 03:30:03
  • Multiple Updates
2025-03-14 03:17:11
  • Multiple Updates
2025-03-06 14:13:43
  • Multiple Updates
2025-02-22 03:27:15
  • Multiple Updates
2025-01-08 00:20:54
  • Multiple Updates
2025-01-07 03:08:09
  • Multiple Updates
2025-01-07 00:20:37
  • Multiple Updates
2025-01-06 21:20:49
  • Multiple Updates
2024-12-27 21:20:28
  • First insertion